Thousands of Mobile Apps Leak Data from Firebase Databases

Ionut Arghire | June 20, 2018

Thousands of Mobile Apps Leak Data from Firebase Databases
Thousands of mobile applications running on iOS and Android have exposed over 113 gigabytes of data from 2,300 unsecured Firebase databases, enterprise mobile security firm Appthority says in a new report. The new research follows last year’s report into the HospitalGown attack vector, which revealed that more than 1,000 mobile apps on enterprise devices were exposing potentially sensitive data via insecure connections with backend servers.  Similar to the HospitalGown vulnerability, which was found in mobile applications’ architecture and infrastructure, the new security flaw resides in mobile app developers failing to require authentication to a Google Firebase cloud database. One of the most popular backend database technologies for mobile apps, Firebase does not secure user data by default. It does not warn developers when data is not secure and does not provide third-party encryption tools either.  To ensure data is secure, app builders need to specifically implement user authentication on all database tables and rows, but that rarely happens, Appthority explains in a report (PDF). Because of that, an attacker can easily find open Firebase app databases and access private records. The security issue, which the security firm refers to as the Firebase vulnerability, has a huge impact, leaking 100 million records (113 gigabytes) of data from unsecured Firebase databases.  After digging through millions of applications, the security researchers discovered 28,502 mobile apps (27,227 Android and 1,275 iOS apps) connected to a Firebase database, 3,046 of which (10.69%) were found vulnerable (2,446 Android and 600 iOS apps).

Spotlight

From smart homes, smart cities to smart grids, Internet of Things (IoT) is set for a steep growth. Connected cards, healthcare, sports & fitness are some of the drivers of IoT. Here is a look at IoT and its challenges.


Other News

AI APPLICATIONS

Enterprise AI platform Dataiku launches managed service for smaller companies

Dataiku | June 15, 2021

Dataiku is going downstream with a new product today called Dataiku Online. As the name suggests, Dataiku Online is a fully managed version of Dataiku. It lets you take advantage of the data science platform without going through a complicated setup process that involves a system administrator and your own infrastructure. If you’re not familiar with Dataiku, the platform lets you turn raw data into advanced analytics, run some data visualization tasks, create data-backed dashboards and train machine learning models. In particular, Dataiku can be used by data scientists, but also business analysts and less technical people. The company has been mostly focus...

Read More

AI TECH

Tech Mahindra and Subex Partner to Drive Scale Adoption of Blockchain-based Solutions for Telecom Operators Globally

Subex | November 05, 2020

To enable fraud mitigation and drive operational efficiencies for communication service providers by reducing compliance complexities and faster time-to-market 5th November 2020, BENGALURU, INDIA – Tech Mahindra, a leading provider of digital transformation, consulting, and business re-engineering services and solutions, and Subex, an industry leader in providing services based on Digital Trust, have announced strategic partnership to roll-out blockchain based solutions for telecom operators globally. These solutions will enable fraud mitigation and drive operational efficiencies for communication service providers (CSP) by reducing compliance complexities and faster tim...

Read More

Google Cloud and STS to Automate U.S. Navy Maintenance Inspections Using AI and ML Technology

Prnewswire | August 28, 2020

Google Cloud and Simple Technology Solutions (STS)—a Google Cloud partner and small business specializing in multi-cloud solutions for the federal government—today announced they are working with the U.S. Navy to modernize the maintenance and repairs inspection process for Navy vessels and facilities. STS will use Google Cloud artificial intelligence (AI) and machine learning (ML) technologies on inspection drone-captured images to detect, prioritize, and predict its maintenance needs. The work was awarded to STS as a Phase I Small Business Innovation Research project due to the technology innovation and potential for commercialization....

Read More

THE BEST UPWORK AGENCY – THE FOURTH AWARD

MobiDev | July 24, 2020

This year MobiDev won the fourth award as Upwork’s Best Agency in Ukraine. The first place in the Web, Mobile & Software Development category is ours for the fourth year in a row. Although this year, the Upwork Ukraine Awards Ceremony took place online in Zoom, that didn’t stop us from attending it.We are proud to keep the leading position and to justify the confidence of our clients for many years. Without such an awesome team none of this would have been possible. Thank you, guys! Alone we could do so little, together we are capable of so much....

Read More

Spotlight

From smart homes, smart cities to smart grids, Internet of Things (IoT) is set for a steep growth. Connected cards, healthcare, sports & fitness are some of the drivers of IoT. Here is a look at IoT and its challenges.

Resources

Events